| Pests of all kinds and how to fight them: Windows 7 starts and stays on an empty gray screen, possibly GVU Trojan | 
|  18.01.2013, 11:39 | #1 | 
|  |   Hello dear helpers, I received a laptop from an acquaintance which, according to him, is infected with the GVU Trojan. Unfortunately I cannot confirm this at the moment, because after Windows 7 starts the laptop simply stops at a gray screen. The mouse pointer is there and responds to movement, but does not respond to the mouse buttons (e.g. right-click). Unfortunately I cannot get to the desktop, since the laptop stops at the gray screen. That is why I cannot use the programs that you recommend and require. Thank you in advance for your efforts; I hope you can help me here. | 
|  18.01.2013, 16:57 | #2 | 
| /// TB-Ausbilder    |   Then let's try something: I will help you with your problem. A cleanup sometimes involves a lot of work for you (and for me). Before we start, I have some reading material for you.  Please read: Rules for the cleanup. For the cleanup to work, I ask you to read the following points carefully: 
 Read and understood? Unlock the computer with HitmanPro.Kickstart | 
|  18.01.2013, 18:49 | #3 | 
|  |   Hello ryder, thank you very much for the help you offered ;-) I prepared a 16 GB stick with HitmanPro. Everything worked perfectly, without any difficulty. Then I plugged the prepared stick into the infected laptop and booted as described. Windows then starts normally, I enter the password and HitmanPro tries to start; I briefly see the window with the green text, and then after about 1 second a bluescreen appears. I managed to catch the following message: Technical Information 0x000000F4. Unfortunately the bluescreen disappears again very quickly because the computer restarts. The same thing happened three times in a row :-( I did not get as far as the following step: Now click: Next > "No, I only want a one-time scan ..." > Next | 
|  18.01.2013, 18:59 | #4 | 
| /// TB-Ausbilder    |   Okay, and have you also tried the 2nd boot method?  
				__________________  Digital buccaneers against malware!  No help via PM! | 
|  18.01.2013, 19:04 | #5 | 
|  |   I didn't want to just do something at random. I have just tried it: same bluescreen. | 
|  18.01.2013, 19:05 | #6 | 
| /// TB-Ausbilder    |   All right. Then I will report this onward. Let's try it a different way: Scan with Farbar's Recovery Scan Tool | 
|  18.01.2013, 19:21 | #7 | 
|  |   That worked perfectly.  Code: 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-01-2013
Ran by SYSTEM at 18-01-2013 19:14:18
Running from I:\
Windows 7 Home Premium   (X64) OS Language: English(US) 
The current controlset is ControlSet001
==================== Registry (Whitelisted) ===================
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-13] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [450048 2009-07-21] (IDT, Inc.)
HKLM\...\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background [610872 2009-08-25] ()
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE [x]
HKLM\...\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [500208 2012-07-04] (Adobe Systems Incorporated)
HKLM\...\Run: [Logitech Download Assistant] C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [1580368 2010-11-03] (Logitech, Inc.)
HKLM-x32\...\Run: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam" [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [Corel File Shell Monitor] C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe [15544 2009-08-25] ()
HKLM-x32\...\Run: [DpAgent] C:\Program Files (x86)\DigitalPersona\Bin\dpagent.exe [842816 2009-07-17] (DigitalPersona, Inc.)
HKLM-x32\...\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start [323640 2010-02-25] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [60464 2009-09-02] (EasyBits Software AS)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [Norton Ghost 14.0] "C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe" [2245984 2008-01-19] (Symantec Corporation)
HKLM-x32\...\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [500792 2010-03-23] (Hewlett-Packard Company)
HKLM-x32\...\Run: [DataCardMonitor] C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe [253952 2011-05-19] (Huawei Technologies Co., Ltd.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun [618496 2010-06-07] ()
HKLM-x32\...\Run: [CLX3180_Scan2Pc] C:\Windows\Twain_32\Samsung\CLX3180\Scan2pc.exe [1998848 2010-11-11] ()
HKLM-x32\...\Run: [3180 Scan2PC] "C:\Windows\twain_32\Samsung\CLX3180\Scan2Pc.exe" [1998848 2010-11-11] ()
HKLM-x32\...\Run: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot [210472 2006-10-24] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe" [29984 2008-07-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [IndexSearch] "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe" [46368 2008-07-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort11reminder] "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini" [324 2012-09-04] ()
HKLM-x32\...\Run: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin [406992 2010-02-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4297136 2012-10-23] (AVAST Software)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-08-27] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-09-09] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-02] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [DellNSCST_GRNCH] "C:\Program Files (x86)\DELL\Dell Laser MFP 1815\NetworkScan\DNSCST.exe" /HIDEUI [278528 2008-07-16] (Dell)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-02] (Adobe Systems Incorporated)
HKU\Baumgärtner\...\Run: [HW_OPENEYE_OUC_T-Mobile Internet Manager] "C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe" [110592 2009-12-31] (Huawei Technologies Co., Ltd.)
HKU\Baumgärtner\...\Run: [Dexpot] C:\Program Files (x86)\Dexpot\dexpot.exe [1413120 2012-11-19] (Dexpot GbR)
HKU\Baumgärtner\...\Run: [ABBYY Screenshot Reader Bonus] "C:\Program Files (x86)\ABBYY PDF Transformer 3.0\Bonus.ScreenshotReader.exe" -autorun [939272 2010-03-24] (ABBYY)
HKU\Baumgärtner\...\Run: [AdobeBridge]  [x]
HKU\Baumgärtner\...\Policies\system: [DisableLockWorkstation] 0
HKU\Baumgärtner\...\Policies\system: [DisableChangePassword] 0
HKU\Baumgärtner\...\Winlogon: [Shell] explorer.exe,C:\Users\Baumgärtner\AppData\Roaming\skype.dat [62976 2011-11-16] ()
HKU\Max\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2363392 2009-08-20] (Hewlett-Packard Company)
HKU\Max\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [x]
HKU\Vesna\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2363392 2009-08-20] (Hewlett-Packard Company)
HKU\Vesna\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [x]
HKU\Vesna\...\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10h_ActiveX.exe -update activex [x]
HKU\xanthin\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2363392 2009-08-20] (Hewlett-Packard Company)
HKU\xanthin\...\Run: [Remote Control Editor] "C:\Program Files (x86)\Common Files\TerraTec\Remote\TTTvRc.exe" [1689088 2010-06-09] (Elgato Systems)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Tcpip\..\Interfaces\{7AA861DE-D044-431B-A87E-18137F4FE388}: [NameServer]217.237.150.188,217.237.150.33
Lsa: [Notification Packages] scecli DPPWDFLT
Startup: C:\Users\All Users\Start Menu\Programs\Startup\ControlCenter.lnk
ShortcutTarget: ControlCenter.lnk -> C:\Program Files (x86)\T-Home\Eumex 800 V1.30\ControlCenter.exe (T-Com)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
==================== Services (Whitelisted) ===================
2 ABBYY.Licensing.PDFTransformer.Classic.3.0; "C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe" -service [759048 2010-02-01] (ABBYY)
2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [44808 2012-10-23] (AVAST Software)
3 LiveUpdate; "C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE" [2999664 2007-09-26] (Symantec Corporation)
2 NitroReaderDriverReadSpool2; "C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe" [341296 2011-06-21] (Nitro PDF Software)
2 Norton Ghost; C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe [4388192 2008-01-19] (Symantec Corporation)
2 RichVideo; "C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe" [247152 2009-07-06] ()
2 Samsung Network Fax Server; "C:\Windows\system32\spool\drivers\x64\3\NetFaxServer64.exe" [216576 2010-03-07] (Samsung Electronics Co., Ltd.)
2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe [240128 2009-07-21] (IDT, Inc.)
2 StarMoney 7.0 OnlineUpdate; C:\Program Files (x86)\StarMoney 7.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe [554160 2011-11-08] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
2 StarMoney 8.0 OnlineUpdate; "C:\Program Files (x86)\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe" [692432 2012-06-28] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
2 Symantec SymSnap VSS Provider; C:\Windows\system32\dllhost.exe /Processid:{7E2A9886-3A3B-4E7B-968E-BACFBBCA486F} [9728 2009-07-13] (Microsoft Corporation)
2 Symantec SymSnap VSS Provider; C:\Windows\SysWow64\dllhost.exe /Processid:{7E2A9886-3A3B-4E7B-968E-BACFBBCA486F} [7168 2009-07-13] (Microsoft Corporation)
3 SymSnapService; "C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe" [2538480 2007-12-20] (Symantec)
2 TVCapSvc; "C:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\TVCapSvc.exe" [296360 2009-10-06] ()
==================== Drivers (Whitelisted) =====================
3 61883; C:\Windows\System32\Drivers\61883.sys [60288 2009-07-13] (Microsoft Corporation)
2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [25232 2012-10-23] (AVAST Software)
2 aswMonFlt; C:\Windows\System32\Drivers\aswMonFlt.sys [71600 2012-10-23] (AVAST Software)
1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [54072 2012-10-15] (AVAST Software)
1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [984144 2012-10-23] (AVAST Software)
1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [364096 2012-10-23] (AVAST Software)
1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [59728 2012-10-23] (AVAST Software)
3 AVerAF15; C:\Windows\System32\Drivers\AVerAF15.sys [311424 2009-05-21] (AVerMedia TECHNOLOGIES, Inc.)
2 DgiVecp; C:\Windows\System32\Drivers\DgiVecp.sys [53816 2009-07-13] (Samsung Electronics Co., Ltd.)
3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114304 2009-10-12] (Huawei Technologies Co., Ltd.)
2 SSPORT; C:\Windows\SysWow64\Drivers\SSPORT.sys [11576 2009-07-11] (Samsung Electronics)
0 symsnap; C:\Windows\System32\Drivers\symsnap.sys [165424 2007-12-20] (StorageCraft)
2 v2imount; C:\Windows\System32\Drivers\v2imount.sys [45104 2008-01-19] (Symantec Corporation)
3 VProEventMonitor; C:\Windows\System32\Drivers\VProEventMonitor.sys [20528 2008-01-19] (Symantec Corporation)
2 {55662437-DA8C-40c0-AADA-2C816A897A49}; \??\c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [146928 2009-10-16] (CyberLink Corp.)
4 eabfiltr;  [x]
3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [x]
3 SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010.SP2\WNt500x64\Sandra.sys [x]
==================== NetSvcs (Whitelisted) ====================
==================== One Month Created Files and Folders ========
2013-01-18 10:01 - 2013-01-18 10:01 - 00282952 ____A C:\Windows\Minidump\011813-57189-01.dmp
2013-01-18 09:59 - 2013-01-18 09:59 - 00282944 ____A C:\Windows\Minidump\011813-58422-01.dmp
2013-01-18 09:38 - 2013-01-18 09:38 - 00283088 ____A C:\Windows\Minidump\011813-57704-01.dmp
2013-01-18 09:35 - 2013-01-18 09:35 - 00282856 ____A C:\Windows\Minidump\011813-57049-01.dmp
2013-01-18 09:33 - 2013-01-18 09:33 - 00000000 ____D C:\Users\All Users\HitmanPro
2013-01-17 15:43 - 2013-01-18 10:04 - 00000004 ____A C:\Users\Baumgärtner\AppData\Roaming\skype.ini
2013-01-17 15:43 - 2013-01-17 15:43 - 00062976 ____A () C:\Users\Baumgärtner\6259162.exe
2013-01-12 08:24 - 2013-01-12 08:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-12-22 00:57 - 2012-11-13 23:06 - 17811968 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-12-22 00:57 - 2012-11-13 22:32 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-12-22 00:57 - 2012-11-13 22:11 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-12-22 00:57 - 2012-11-13 22:04 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-12-22 00:57 - 2012-11-13 22:04 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-12-22 00:57 - 2012-11-13 22:02 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-12-22 00:57 - 2012-11-13 22:02 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-12-22 00:57 - 2012-11-13 21:59 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-12-22 00:57 - 2012-11-13 21:58 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-12-22 00:57 - 2012-11-13 21:57 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-12-22 00:57 - 2012-11-13 21:57 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-12-22 00:57 - 2012-11-13 21:55 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-12-22 00:57 - 2012-11-13 21:55 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-12-22 00:57 - 2012-11-13 21:53 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-12-22 00:57 - 2012-11-13 21:52 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-12-22 00:57 - 2012-11-13 21:46 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-12-22 00:57 - 2012-11-13 18:48 - 12320256 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-12-22 00:57 - 2012-11-13 18:14 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-12-22 00:57 - 2012-11-13 18:09 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-12-22 00:57 - 2012-11-13 17:58 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-12-22 00:57 - 2012-11-13 17:57 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-12-22 00:57 - 2012-11-13 17:57 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-12-22 00:57 - 2012-11-13 17:55 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-12-22 00:57 - 2012-11-13 17:51 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-12-22 00:57 - 2012-11-13 17:49 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-12-22 00:57 - 2012-11-13 17:49 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-12-22 00:57 - 2012-11-13 17:48 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-12-22 00:57 - 2012-11-13 17:47 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-12-22 00:57 - 2012-11-13 17:46 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-12-22 00:57 - 2012-11-13 17:45 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-12-22 00:57 - 2012-11-13 17:44 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-12-22 00:57 - 2012-11-13 17:41 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-12-22 00:56 - 2012-12-16 09:11 - 00046080 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll
2012-12-22 00:56 - 2012-12-16 06:45 - 00367616 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2012-12-22 00:56 - 2012-12-16 06:13 - 00295424 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2012-12-22 00:56 - 2012-12-16 06:13 - 00034304 ____A (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2012-12-22 00:54 - 2012-11-08 21:45 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2012-12-22 00:54 - 2012-11-08 20:42 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2012-12-22 00:54 - 2012-10-04 09:46 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2012-12-22 00:54 - 2012-10-04 09:46 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
2012-12-22 00:54 - 2012-10-04 09:46 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2012-12-22 00:54 - 2012-10-04 09:45 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2012-12-22 00:54 - 2012-10-04 09:43 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2012-12-22 00:54 - 2012-10-04 09:41 - 01161216 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2012-12-22 00:54 - 2012-10-04 09:41 - 00424960 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2012-12-22 00:54 - 2012-10-04 09:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2012-12-22 00:54 - 2012-10-04 09:38 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2012-12-22 00:54 - 2012-10-04 09:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2012-12-22 00:54 - 2012-10-04 09:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2012-12-22 00:54 - 2012-10-04 09:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-12-22 00:54 - 2012-10-04 09:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2012-12-22 00:54 - 2012-10-04 09:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2012-12-22 00:54 - 2012-10-04 09:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2012-12-22 00:54 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-12-22 00:54 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-12-22 00:54 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-12-22 00:54 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2012-12-22 00:54 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2012-12-22 00:54 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-12-22 00:54 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2012-12-22 00:54 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2012-12-22 00:54 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2012-12-22 00:54 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2012-12-22 00:54 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2012-12-22 00:54 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2012-12-22 00:54 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2012-12-22 00:54 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2012-12-22 00:54 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2012-12-22 00:54 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-12-22 00:54 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2012-12-22 00:54 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2012-12-22 00:54 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2012-12-22 00:54 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2012-12-22 00:54 - 2012-10-04 08:47 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2012-12-22 00:54 - 2012-10-04 08:47 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2012-12-22 00:54 - 2012-10-04 08:47 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2012-12-22 00:54 - 2012-10-04 08:40 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2012-12-22 00:54 - 2012-10-04 08:40 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2012-12-22 00:54 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-12-22 00:54 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2012-12-22 00:54 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2012-12-22 00:54 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2012-12-22 00:54 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2012-12-22 00:54 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-12-22 00:54 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-12-22 00:54 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2012-12-22 00:54 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-12-22 00:54 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2012-12-22 00:54 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2012-12-22 00:54 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2012-12-22 00:54 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-12-22 00:54 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2012-12-22 00:54 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2012-12-22 00:54 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2012-12-22 00:54 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2012-12-22 00:54 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-12-22 00:54 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2012-12-22 00:54 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2012-12-22 00:54 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2012-12-22 00:54 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2012-12-22 00:54 - 2012-10-04 07:21 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2012-12-22 00:54 - 2012-10-04 06:46 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2012-12-22 00:54 - 2012-10-04 06:46 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2012-12-22 00:54 - 2012-10-04 06:46 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2012-12-22 00:54 - 2012-10-04 06:46 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2012-12-22 00:54 - 2012-10-04 06:41 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2012-12-22 00:54 - 2012-10-04 06:41 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2012-12-22 00:54 - 2012-10-04 06:41 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2012-12-22 00:54 - 2012-10-04 06:41 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2012-12-22 00:53 - 2012-11-21 19:26 - 03149824 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-12-22 00:53 - 2012-11-01 21:59 - 00478208 ____A (Microsoft Corporation) C:\Windows\System32\dpnet.dll
2012-12-22 00:53 - 2012-11-01 21:11 - 00376832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll
2012-12-19 05:25 - 2012-12-19 05:25 - 00001981 ____A C:\Users\Public\Desktop\Adobe Reader XI.lnk
2012-12-19 04:54 - 2013-01-14 13:48 - 00000000 ____D C:\Program Files (x86)\StarMoney 8.0 S-Edition
2012-12-19 04:02 - 2012-12-19 04:55 - 00002080 ____A C:\Users\Public\Desktop\StarMoney 8.0 S-Edition.lnk
2012-12-19 04:02 - 2012-12-19 04:55 - 00000000 ____D C:\Users\All Users\StarMoney 8.0
==================== One Month Modified Files and Folders =======
2013-01-18 10:10 - 2012-09-20 22:47 - 00019107 ____A C:\Windows\setupact.log
2013-01-18 10:10 - 2011-06-04 01:00 - 00000072 ____A C:\Users\Public\LMDebug.log
2013-01-18 10:10 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-01-18 10:10 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2013-01-18 10:04 - 2013-01-17 15:43 - 00000004 ____A C:\Users\Baumgärtner\AppData\Roaming\skype.ini
2013-01-18 10:02 - 2011-01-25 14:12 - 00001116 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-01-18 10:01 - 2013-01-18 10:01 - 00282952 ____A C:\Windows\Minidump\011813-57189-01.dmp
2013-01-18 10:01 - 2012-09-21 23:51 - 562892321 ____A C:\Windows\MEMORY.DMP
2013-01-18 10:01 - 2010-02-01 12:22 - 00000000 ____D C:\Windows\Minidump
2013-01-18 09:59 - 2013-01-18 09:59 - 00282944 ____A C:\Windows\Minidump\011813-58422-01.dmp
2013-01-18 09:38 - 2013-01-18 09:38 - 00283088 ____A C:\Windows\Minidump\011813-57704-01.dmp
2013-01-18 09:35 - 2013-01-18 09:35 - 00282856 ____A C:\Windows\Minidump\011813-57049-01.dmp
2013-01-18 09:33 - 2013-01-18 09:33 - 00000000 ____D C:\Users\All Users\HitmanPro
2013-01-18 03:02 - 2010-01-08 16:24 - 01980020 ____A C:\Windows\WindowsUpdate.log
2013-01-18 02:52 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-01-18 02:52 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-01-17 15:44 - 2012-04-20 01:18 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-01-17 15:43 - 2013-01-17 15:43 - 00062976 ____A () C:\Users\Baumgärtner\6259162.exe
2013-01-17 15:43 - 2010-01-28 06:30 - 00000000 ____D C:\users\Baumgärtner
2013-01-17 15:18 - 2011-06-24 06:32 - 00000474 ____A C:\Windows\BRWMARK.INI
2013-01-17 15:07 - 2011-01-25 14:12 - 00001120 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-01-17 14:13 - 2009-11-19 03:09 - 00657910 ____A C:\Windows\System32\perfh007.dat
2013-01-17 14:13 - 2009-11-19 03:09 - 00131250 ____A C:\Windows\System32\perfc007.dat
2013-01-17 14:13 - 2009-07-13 21:13 - 01507342 ____A C:\Windows\System32\PerfStringBackup.INI
2013-01-16 11:50 - 2010-10-31 05:23 - 00001224 ____A C:\Windows\Brpfx04a.ini
2013-01-14 13:48 - 2012-12-19 04:54 - 00000000 ____D C:\Program Files (x86)\StarMoney 8.0 S-Edition
2013-01-14 04:36 - 2010-02-04 03:09 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log
2013-01-13 22:43 - 2012-05-03 00:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-01-12 08:24 - 2013-01-12 08:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-01-11 14:21 - 2010-01-29 05:21 - 00000000 ____D C:\Users\Baumgärtner\AppData\Local\Corel
2013-01-11 09:22 - 2010-02-02 00:12 - 00000000 ____D C:\Users\Baumgärtner\Documents\My PSP Files
2013-01-11 09:22 - 2010-01-29 05:20 - 00000900 __ASH C:\Users\All Users\KGyGaAvL.sys
2013-01-09 14:44 - 2012-04-20 01:18 - 00697864 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-01-09 14:44 - 2011-12-13 03:03 - 00074248 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-01-08 15:22 - 2011-06-06 04:10 - 00000000 ____D C:\Users\Baumgärtner\AppData\Roaming\Nitro PDF
2013-01-03 16:18 - 2010-02-26 14:22 - 00123392 ____A C:\Users\Baumgärtner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-12-31 08:13 - 2009-07-13 21:08 - 00032632 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-12-24 00:56 - 2012-09-21 23:51 - 00015344 ____A C:\Windows\PFRO.log
2012-12-24 00:49 - 2011-01-05 03:43 - 00000000 ____D C:\Users\Baumgärtner\AppData\Local\Research In Motion
2012-12-24 00:48 - 2010-10-24 06:22 - 00006140 ____A C:\Users\Baumgärtner\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2012-12-23 02:31 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2012-12-23 01:58 - 2009-07-13 20:45 - 05040936 ____A C:\Windows\System32\FNTCACHE.DAT
2012-12-22 00:58 - 2010-01-29 06:00 - 67413224 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-12-22 00:58 - 2009-11-18 19:33 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-12-19 10:19 - 2010-01-29 05:05 - 00136280 ____A C:\Users\Baumgärtner\AppData\Local\GDIPFONTCACHEV1.DAT
2012-12-19 05:25 - 2012-12-19 05:25 - 00001981 ____A C:\Users\Public\Desktop\Adobe Reader XI.lnk
2012-12-19 05:25 - 2009-11-18 20:18 - 00000000 ____D C:\Users\All Users\Adobe
2012-12-19 05:24 - 2012-01-20 02:32 - 00000000 ____D C:\Program Files (x86)\Adobe
2012-12-19 04:55 - 2012-12-19 04:02 - 00002080 ____A C:\Users\Public\Desktop\StarMoney 8.0 S-Edition.lnk
2012-12-19 04:55 - 2012-12-19 04:02 - 00000000 ____D C:\Users\All Users\StarMoney 8.0
2012-12-19 04:54 - 2009-11-18 18:25 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2012-12-19 03:56 - 2009-07-13 18:34 - 00017486 ____A C:\Windows\System32\Drivers\etc\services
==================== Known DLLs (Whitelisted) =================
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points  =========================
Restore point made on: 2012-12-29 15:13:44
Restore point made on: 2013-01-06 04:30:16
Restore point made on: 2013-01-09 16:21:42
Restore point made on: 2013-01-09 17:26:07
Restore point made on: 2013-01-17 03:17:05
==================== Memory info =========================== 
Percentage of memory in use: 14%
Total physical RAM: 6133.86 MB
Available physical RAM: 5258.56 MB
Total Pagefile: 6132.01 MB
Available Pagefile: 5245.7 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB
==================== Partitions =============================
1 Drive c: (OS) (Fixed) (Total:448.67 GB) (Free:312.36 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive d: (DATA) (Fixed) (Total:465.76 GB) (Free:66.42 GB) NTFS
3 Drive f: (RECOVERY) (Fixed) (Total:16.79 GB) (Free:2.64 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive g: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
6 Drive i: (STICK) (Removable) (Total:15.08 GB) (Free:15.08 GB) FAT32
7 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
8 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]
  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          465 GB      0 B         
  Disk 1    Online          465 GB      0 B         
  Disk 2    Online           15 GB      0 B         
Partitions of Disk 0:
===============
  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary            199 MB  1024 KB
  Partition 2    Primary            448 GB   200 MB
  Partition 3    Primary             16 GB   448 GB
  Partition 4    Primary            103 MB   465 GB
==================================================================================
Disk: 0
Partition 1
Type  : 07
Hidden: No
Active: Yes
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     Y   SYSTEM       NTFS   Partition    199 MB  Healthy            
=========================================================
Disk: 0
Partition 2
Type  : 07
Hidden: No
Active: No
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     C   OS           NTFS   Partition    448 GB  Healthy            
=========================================================
Disk: 0
Partition 3
Type  : 07
Hidden: No
Active: No
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     F   RECOVERY     NTFS   Partition     16 GB  Healthy            
=========================================================
Disk: 0
Partition 4
Type  : 0C
Hidden: No
Active: No
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4     G   HP_TOOLS     FAT32  Partition    103 MB  Healthy            
=========================================================
Partitions of Disk 1:
===============
  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary            465 GB  1024 KB
==================================================================================
Disk: 1
Partition 1
Type  : 07
Hidden: No
Active: No
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 5     D   DATA         NTFS   Partition    465 GB  Healthy            
=========================================================
Partitions of Disk 2:
===============
  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary             15 GB    31 KB
==================================================================================
Disk: 2
Partition 1
Type  : 0C
Hidden: No
Active: Yes
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 6     I   STICK        FAT32  Removable     15 GB  Healthy            
=========================================================
Last Boot: 2013-01-13 23:52
==================== End Of Log =============================
          | 
|  18.01.2013, 19:26 | #8 | 
| /// TB-Ausbilder    |   There we have it already: Fix with FRST 
 Can you boot normally? 
				__________________  Digital freebooters against malware!  No help via PM! | 
|  18.01.2013, 19:42 | #9 | 
|  |   Code: 
  Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-01-2013
Ran by SYSTEM at 2013-01-18 19:35:39 Run:1
Running from I:\
==============================================
C:\Users\Baumgärtner\AppData\Roaming\skype.ini moved successfully.
C:\Users\Baumgärtner\6259162.exe moved successfully.
==== End of Fixlog ====
          | 
|  18.01.2013, 19:45 | #10 | 
| /// TB-Ausbilder    |   hmmm   2nd attempt: Code: 
  HKU\Baumgärtner\...\Winlogon: [Shell] explorer.exe,C:\Users\Baumgärtner\AppData\Roaming\skype.dat [62976 2011-11-16] ()
C:\Users\Baumgärtner\AppData\Roaming\skype.dat
         
				 | 
|  18.01.2013, 19:51 | #11 | 
|  |   Code: 
  Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-01-2013
Ran by SYSTEM at 18-01-2013 19:45:35
Running from I:\
Windows 7 Home Premium   (X64) OS Language: English(US) 
The current controlset is ControlSet001
==================== Registry (Whitelisted) ===================
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-13] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [450048 2009-07-21] (IDT, Inc.)
HKLM\...\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background [610872 2009-08-25] ()
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE [x]
HKLM\...\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [500208 2012-07-04] (Adobe Systems Incorporated)
HKLM\...\Run: [Logitech Download Assistant] C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [1580368 2010-11-03] (Logitech, Inc.)
HKLM-x32\...\Run: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam" [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [Corel File Shell Monitor] C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe [15544 2009-08-25] ()
HKLM-x32\...\Run: [DpAgent] C:\Program Files (x86)\DigitalPersona\Bin\dpagent.exe [842816 2009-07-17] (DigitalPersona, Inc.)
HKLM-x32\...\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start [323640 2010-02-25] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [60464 2009-09-02] (EasyBits Software AS)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [Norton Ghost 14.0] "C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe" [2245984 2008-01-19] (Symantec Corporation)
HKLM-x32\...\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [500792 2010-03-23] (Hewlett-Packard Company)
HKLM-x32\...\Run: [DataCardMonitor] C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe [253952 2011-05-19] (Huawei Technologies Co., Ltd.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun [618496 2010-06-07] ()
HKLM-x32\...\Run: [CLX3180_Scan2Pc] C:\Windows\Twain_32\Samsung\CLX3180\Scan2pc.exe [1998848 2010-11-11] ()
HKLM-x32\...\Run: [3180 Scan2PC] "C:\Windows\twain_32\Samsung\CLX3180\Scan2Pc.exe" [1998848 2010-11-11] ()
HKLM-x32\...\Run: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot [210472 2006-10-24] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe" [29984 2008-07-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [IndexSearch] "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe" [46368 2008-07-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort11reminder] "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini" [324 2012-09-04] ()
HKLM-x32\...\Run: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin [406992 2010-02-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4297136 2012-10-23] (AVAST Software)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-08-27] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-09-09] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-02] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [DellNSCST_GRNCH] "C:\Program Files (x86)\DELL\Dell Laser MFP 1815\NetworkScan\DNSCST.exe" /HIDEUI [278528 2008-07-16] (Dell)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-02] (Adobe Systems Incorporated)
HKU\Baumgärtner\...\Run: [HW_OPENEYE_OUC_T-Mobile Internet Manager] "C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe" [110592 2009-12-31] (Huawei Technologies Co., Ltd.)
HKU\Baumgärtner\...\Run: [Dexpot] C:\Program Files (x86)\Dexpot\dexpot.exe [1413120 2012-11-19] (Dexpot GbR)
HKU\Baumgärtner\...\Run: [ABBYY Screenshot Reader Bonus] "C:\Program Files (x86)\ABBYY PDF Transformer 3.0\Bonus.ScreenshotReader.exe" -autorun [939272 2010-03-24] (ABBYY)
HKU\Baumgärtner\...\Run: [AdobeBridge]  [x]
HKU\Baumgärtner\...\Policies\system: [DisableLockWorkstation] 0
HKU\Baumgärtner\...\Policies\system: [DisableChangePassword] 0
HKU\Baumgärtner\...\Winlogon: [Shell] explorer.exe,C:\Users\Baumgärtner\AppData\Roaming\skype.dat [62976 2011-11-16] ()
HKU\Max\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2363392 2009-08-20] (Hewlett-Packard Company)
HKU\Max\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [x]
HKU\Vesna\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2363392 2009-08-20] (Hewlett-Packard Company)
HKU\Vesna\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [x]
HKU\Vesna\...\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10h_ActiveX.exe -update activex [x]
HKU\xanthin\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2363392 2009-08-20] (Hewlett-Packard Company)
HKU\xanthin\...\Run: [Remote Control Editor] "C:\Program Files (x86)\Common Files\TerraTec\Remote\TTTvRc.exe" [1689088 2010-06-09] (Elgato Systems)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Tcpip\..\Interfaces\{7AA861DE-D044-431B-A87E-18137F4FE388}: [NameServer]217.237.150.188,217.237.150.33
Lsa: [Notification Packages] scecli DPPWDFLT
Startup: C:\Users\All Users\Start Menu\Programs\Startup\ControlCenter.lnk
ShortcutTarget: ControlCenter.lnk -> C:\Program Files (x86)\T-Home\Eumex 800 V1.30\ControlCenter.exe (T-Com)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
==================== Services (Whitelisted) ===================
2 ABBYY.Licensing.PDFTransformer.Classic.3.0; "C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe" -service [759048 2010-02-01] (ABBYY)
2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [44808 2012-10-23] (AVAST Software)
3 LiveUpdate; "C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE" [2999664 2007-09-26] (Symantec Corporation)
2 NitroReaderDriverReadSpool2; "C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe" [341296 2011-06-21] (Nitro PDF Software)
2 Norton Ghost; C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe [4388192 2008-01-19] (Symantec Corporation)
2 RichVideo; "C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe" [247152 2009-07-06] ()
2 Samsung Network Fax Server; "C:\Windows\system32\spool\drivers\x64\3\NetFaxServer64.exe" [216576 2010-03-07] (Samsung Electronics Co., Ltd.)
2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe [240128 2009-07-21] (IDT, Inc.)
2 StarMoney 7.0 OnlineUpdate; C:\Program Files (x86)\StarMoney 7.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe [554160 2011-11-08] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
2 StarMoney 8.0 OnlineUpdate; "C:\Program Files (x86)\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe" [692432 2012-06-28] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
2 Symantec SymSnap VSS Provider; C:\Windows\system32\dllhost.exe /Processid:{7E2A9886-3A3B-4E7B-968E-BACFBBCA486F} [9728 2009-07-13] (Microsoft Corporation)
2 Symantec SymSnap VSS Provider; C:\Windows\SysWow64\dllhost.exe /Processid:{7E2A9886-3A3B-4E7B-968E-BACFBBCA486F} [7168 2009-07-13] (Microsoft Corporation)
3 SymSnapService; "C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe" [2538480 2007-12-20] (Symantec)
2 TVCapSvc; "C:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\TVCapSvc.exe" [296360 2009-10-06] ()
==================== Drivers (Whitelisted) =====================
3 61883; C:\Windows\System32\Drivers\61883.sys [60288 2009-07-13] (Microsoft Corporation)
2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [25232 2012-10-23] (AVAST Software)
2 aswMonFlt; C:\Windows\System32\Drivers\aswMonFlt.sys [71600 2012-10-23] (AVAST Software)
1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [54072 2012-10-15] (AVAST Software)
1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [984144 2012-10-23] (AVAST Software)
1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [364096 2012-10-23] (AVAST Software)
1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [59728 2012-10-23] (AVAST Software)
3 AVerAF15; C:\Windows\System32\Drivers\AVerAF15.sys [311424 2009-05-21] (AVerMedia TECHNOLOGIES, Inc.)
2 DgiVecp; C:\Windows\System32\Drivers\DgiVecp.sys [53816 2009-07-13] (Samsung Electronics Co., Ltd.)
3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114304 2009-10-12] (Huawei Technologies Co., Ltd.)
2 SSPORT; C:\Windows\SysWow64\Drivers\SSPORT.sys [11576 2009-07-11] (Samsung Electronics)
0 symsnap; C:\Windows\System32\Drivers\symsnap.sys [165424 2007-12-20] (StorageCraft)
2 v2imount; C:\Windows\System32\Drivers\v2imount.sys [45104 2008-01-19] (Symantec Corporation)
3 VProEventMonitor; C:\Windows\System32\Drivers\VProEventMonitor.sys [20528 2008-01-19] (Symantec Corporation)
2 {55662437-DA8C-40c0-AADA-2C816A897A49}; \??\c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [146928 2009-10-16] (CyberLink Corp.)
4 eabfiltr;  [x]
3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [x]
3 SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010.SP2\WNt500x64\Sandra.sys [x]
==================== NetSvcs (Whitelisted) ====================
==================== One Month Created Files and Folders ========
2013-01-18 10:37 - 2013-01-18 10:43 - 00000004 ____A C:\Users\Baumgärtner\AppData\Roaming\skype.ini
2013-01-18 10:01 - 2013-01-18 10:01 - 00282952 ____A C:\Windows\Minidump\011813-57189-01.dmp
2013-01-18 09:59 - 2013-01-18 09:59 - 00282944 ____A C:\Windows\Minidump\011813-58422-01.dmp
2013-01-18 09:38 - 2013-01-18 09:38 - 00283088 ____A C:\Windows\Minidump\011813-57704-01.dmp
2013-01-18 09:35 - 2013-01-18 09:35 - 00282856 ____A C:\Windows\Minidump\011813-57049-01.dmp
2013-01-18 09:33 - 2013-01-18 09:33 - 00000000 ____D C:\Users\All Users\HitmanPro
2013-01-12 08:24 - 2013-01-12 08:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-12-22 00:57 - 2012-11-13 23:06 - 17811968 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-12-22 00:57 - 2012-11-13 22:32 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-12-22 00:57 - 2012-11-13 22:11 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-12-22 00:57 - 2012-11-13 22:04 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-12-22 00:57 - 2012-11-13 22:04 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-12-22 00:57 - 2012-11-13 22:02 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-12-22 00:57 - 2012-11-13 22:02 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-12-22 00:57 - 2012-11-13 21:59 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-12-22 00:57 - 2012-11-13 21:58 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-12-22 00:57 - 2012-11-13 21:57 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-12-22 00:57 - 2012-11-13 21:57 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-12-22 00:57 - 2012-11-13 21:55 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-12-22 00:57 - 2012-11-13 21:55 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-12-22 00:57 - 2012-11-13 21:53 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-12-22 00:57 - 2012-11-13 21:52 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-12-22 00:57 - 2012-11-13 21:46 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-12-22 00:57 - 2012-11-13 18:48 - 12320256 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-12-22 00:57 - 2012-11-13 18:14 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-12-22 00:57 - 2012-11-13 18:09 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-12-22 00:57 - 2012-11-13 17:58 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-12-22 00:57 - 2012-11-13 17:57 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-12-22 00:57 - 2012-11-13 17:57 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-12-22 00:57 - 2012-11-13 17:55 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-12-22 00:57 - 2012-11-13 17:51 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-12-22 00:57 - 2012-11-13 17:49 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-12-22 00:57 - 2012-11-13 17:49 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-12-22 00:57 - 2012-11-13 17:48 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-12-22 00:57 - 2012-11-13 17:47 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-12-22 00:57 - 2012-11-13 17:46 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-12-22 00:57 - 2012-11-13 17:45 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-12-22 00:57 - 2012-11-13 17:44 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-12-22 00:57 - 2012-11-13 17:41 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-12-22 00:56 - 2012-12-16 09:11 - 00046080 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll
2012-12-22 00:56 - 2012-12-16 06:45 - 00367616 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2012-12-22 00:56 - 2012-12-16 06:13 - 00295424 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2012-12-22 00:56 - 2012-12-16 06:13 - 00034304 ____A (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2012-12-22 00:54 - 2012-11-08 21:45 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2012-12-22 00:54 - 2012-11-08 20:42 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2012-12-22 00:54 - 2012-10-04 09:46 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2012-12-22 00:54 - 2012-10-04 09:46 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
2012-12-22 00:54 - 2012-10-04 09:46 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2012-12-22 00:54 - 2012-10-04 09:45 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2012-12-22 00:54 - 2012-10-04 09:43 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2012-12-22 00:54 - 2012-10-04 09:41 - 01161216 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2012-12-22 00:54 - 2012-10-04 09:41 - 00424960 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2012-12-22 00:54 - 2012-10-04 09:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2012-12-22 00:54 - 2012-10-04 09:38 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2012-12-22 00:54 - 2012-10-04 09:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2012-12-22 00:54 - 2012-10-04 09:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2012-12-22 00:54 - 2012-10-04 09:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-12-22 00:54 - 2012-10-04 09:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2012-12-22 00:54 - 2012-10-04 09:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2012-12-22 00:54 - 2012-10-04 09:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2012-12-22 00:54 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-12-22 00:54 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-12-22 00:54 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-12-22 00:54 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2012-12-22 00:54 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2012-12-22 00:54 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-12-22 00:54 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2012-12-22 00:54 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2012-12-22 00:54 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2012-12-22 00:54 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2012-12-22 00:54 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2012-12-22 00:54 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2012-12-22 00:54 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2012-12-22 00:54 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2012-12-22 00:54 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2012-12-22 00:54 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-12-22 00:54 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2012-12-22 00:54 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2012-12-22 00:54 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2012-12-22 00:54 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2012-12-22 00:54 - 2012-10-04 08:47 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2012-12-22 00:54 - 2012-10-04 08:47 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2012-12-22 00:54 - 2012-10-04 08:47 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2012-12-22 00:54 - 2012-10-04 08:40 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2012-12-22 00:54 - 2012-10-04 08:40 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2012-12-22 00:54 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-12-22 00:54 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2012-12-22 00:54 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2012-12-22 00:54 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2012-12-22 00:54 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2012-12-22 00:54 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-12-22 00:54 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-12-22 00:54 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2012-12-22 00:54 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-12-22 00:54 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2012-12-22 00:54 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2012-12-22 00:54 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2012-12-22 00:54 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-12-22 00:54 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2012-12-22 00:54 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2012-12-22 00:54 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2012-12-22 00:54 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2012-12-22 00:54 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-12-22 00:54 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2012-12-22 00:54 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2012-12-22 00:54 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2012-12-22 00:54 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2012-12-22 00:54 - 2012-10-04 07:21 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2012-12-22 00:54 - 2012-10-04 06:46 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2012-12-22 00:54 - 2012-10-04 06:46 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2012-12-22 00:54 - 2012-10-04 06:46 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2012-12-22 00:54 - 2012-10-04 06:46 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2012-12-22 00:54 - 2012-10-04 06:41 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2012-12-22 00:54 - 2012-10-04 06:41 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2012-12-22 00:54 - 2012-10-04 06:41 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2012-12-22 00:54 - 2012-10-04 06:41 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2012-12-22 00:53 - 2012-11-21 19:26 - 03149824 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-12-22 00:53 - 2012-11-01 21:59 - 00478208 ____A (Microsoft Corporation) C:\Windows\System32\dpnet.dll
2012-12-22 00:53 - 2012-11-01 21:11 - 00376832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll
2012-12-19 05:25 - 2012-12-19 05:25 - 00001981 ____A C:\Users\Public\Desktop\Adobe Reader XI.lnk
2012-12-19 04:54 - 2013-01-14 13:48 - 00000000 ____D C:\Program Files (x86)\StarMoney 8.0 S-Edition
2012-12-19 04:02 - 2012-12-19 04:55 - 00002080 ____A C:\Users\Public\Desktop\StarMoney 8.0 S-Edition.lnk
2012-12-19 04:02 - 2012-12-19 04:55 - 00000000 ____D C:\Users\All Users\StarMoney 8.0
==================== One Month Modified Files and Folders =======
2013-01-18 19:35 - 2010-01-28 06:30 - 00000000 ____D C:\users\Baumgärtner
2013-01-18 19:14 - 2013-01-18 19:14 - 00000000 ____D C:\FRST
2013-01-18 10:43 - 2013-01-18 10:37 - 00000004 ____A C:\Users\Baumgärtner\AppData\Roaming\skype.ini
2013-01-18 10:43 - 2011-06-04 01:00 - 00000072 ____A C:\Users\Public\LMDebug.log
2013-01-18 10:38 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2013-01-18 10:37 - 2012-09-20 22:47 - 00019163 ____A C:\Windows\setupact.log
2013-01-18 10:37 - 2011-01-25 14:12 - 00001116 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-01-18 10:37 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-01-18 10:01 - 2013-01-18 10:01 - 00282952 ____A C:\Windows\Minidump\011813-57189-01.dmp
2013-01-18 10:01 - 2012-09-21 23:51 - 562892321 ____A C:\Windows\MEMORY.DMP
2013-01-18 10:01 - 2010-02-01 12:22 - 00000000 ____D C:\Windows\Minidump
2013-01-18 09:59 - 2013-01-18 09:59 - 00282944 ____A C:\Windows\Minidump\011813-58422-01.dmp
2013-01-18 09:38 - 2013-01-18 09:38 - 00283088 ____A C:\Windows\Minidump\011813-57704-01.dmp
2013-01-18 09:35 - 2013-01-18 09:35 - 00282856 ____A C:\Windows\Minidump\011813-57049-01.dmp
2013-01-18 09:33 - 2013-01-18 09:33 - 00000000 ____D C:\Users\All Users\HitmanPro
2013-01-18 03:02 - 2010-01-08 16:24 - 01984527 ____A C:\Windows\WindowsUpdate.log
2013-01-18 02:52 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-01-18 02:52 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-01-17 15:44 - 2012-04-20 01:18 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-01-17 15:18 - 2011-06-24 06:32 - 00000474 ____A C:\Windows\BRWMARK.INI
2013-01-17 15:07 - 2011-01-25 14:12 - 00001120 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-01-17 14:13 - 2009-11-19 03:09 - 00657910 ____A C:\Windows\System32\perfh007.dat
2013-01-17 14:13 - 2009-11-19 03:09 - 00131250 ____A C:\Windows\System32\perfc007.dat
2013-01-17 14:13 - 2009-07-13 21:13 - 01507342 ____A C:\Windows\System32\PerfStringBackup.INI
2013-01-16 11:50 - 2010-10-31 05:23 - 00001224 ____A C:\Windows\Brpfx04a.ini
2013-01-14 13:48 - 2012-12-19 04:54 - 00000000 ____D C:\Program Files (x86)\StarMoney 8.0 S-Edition
2013-01-14 04:36 - 2010-02-04 03:09 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log
2013-01-13 22:43 - 2012-05-03 00:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-01-12 08:24 - 2013-01-12 08:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-01-11 14:21 - 2010-01-29 05:21 - 00000000 ____D C:\Users\Baumgärtner\AppData\Local\Corel
2013-01-11 09:22 - 2010-02-02 00:12 - 00000000 ____D C:\Users\Baumgärtner\Documents\My PSP Files
2013-01-11 09:22 - 2010-01-29 05:20 - 00000900 __ASH C:\Users\All Users\KGyGaAvL.sys
2013-01-09 14:44 - 2012-04-20 01:18 - 00697864 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-01-09 14:44 - 2011-12-13 03:03 - 00074248 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-01-08 15:22 - 2011-06-06 04:10 - 00000000 ____D C:\Users\Baumgärtner\AppData\Roaming\Nitro PDF
2013-01-03 16:18 - 2010-02-26 14:22 - 00123392 ____A C:\Users\Baumgärtner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-12-31 08:13 - 2009-07-13 21:08 - 00032632 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-12-24 00:56 - 2012-09-21 23:51 - 00015344 ____A C:\Windows\PFRO.log
2012-12-24 00:49 - 2011-01-05 03:43 - 00000000 ____D C:\Users\Baumgärtner\AppData\Local\Research In Motion
2012-12-24 00:48 - 2010-10-24 06:22 - 00006140 ____A C:\Users\Baumgärtner\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2012-12-23 02:31 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2012-12-23 01:58 - 2009-07-13 20:45 - 05040936 ____A C:\Windows\System32\FNTCACHE.DAT
2012-12-22 00:58 - 2010-01-29 06:00 - 67413224 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-12-22 00:58 - 2009-11-18 19:33 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-12-19 10:19 - 2010-01-29 05:05 - 00136280 ____A C:\Users\Baumgärtner\AppData\Local\GDIPFONTCACHEV1.DAT
2012-12-19 05:25 - 2012-12-19 05:25 - 00001981 ____A C:\Users\Public\Desktop\Adobe Reader XI.lnk
2012-12-19 05:25 - 2009-11-18 20:18 - 00000000 ____D C:\Users\All Users\Adobe
2012-12-19 05:24 - 2012-01-20 02:32 - 00000000 ____D C:\Program Files (x86)\Adobe
2012-12-19 04:55 - 2012-12-19 04:02 - 00002080 ____A C:\Users\Public\Desktop\StarMoney 8.0 S-Edition.lnk
2012-12-19 04:55 - 2012-12-19 04:02 - 00000000 ____D C:\Users\All Users\StarMoney 8.0
2012-12-19 04:54 - 2009-11-18 18:25 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2012-12-19 03:56 - 2009-07-13 18:34 - 00017486 ____A C:\Windows\System32\Drivers\etc\services
==================== Known DLLs (Whitelisted) =================
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points  =========================
Restore point made on: 2012-12-29 15:13:44
Restore point made on: 2013-01-06 04:30:16
Restore point made on: 2013-01-09 16:21:42
Restore point made on: 2013-01-09 17:26:07
Restore point made on: 2013-01-17 03:17:05
==================== Memory info =========================== 
Percentage of memory in use: 14%
Total physical RAM: 6133.86 MB
Available physical RAM: 5259.11 MB
Total Pagefile: 6132.01 MB
Available Pagefile: 5247.63 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB
==================== Partitions =============================
1 Drive c: (OS) (Fixed) (Total:448.67 GB) (Free:312.34 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive d: (DATA) (Fixed) (Total:465.76 GB) (Free:66.42 GB) NTFS
3 Drive f: (RECOVERY) (Fixed) (Total:16.79 GB) (Free:2.64 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive g: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
6 Drive i: (STICK) (Removable) (Total:15.08 GB) (Free:15.08 GB) FAT32
7 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
8 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]
  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          465 GB      0 B         
  Disk 1    Online          465 GB      0 B         
  Disk 2    Online           15 GB      0 B         
Partitions of Disk 0:
===============
  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary            199 MB  1024 KB
  Partition 2    Primary            448 GB   200 MB
  Partition 3    Primary             16 GB   448 GB
  Partition 4    Primary            103 MB   465 GB
==================================================================================
Disk: 0
Partition 1
Type  : 07
Hidden: No
Active: Yes
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     Y   SYSTEM       NTFS   Partition    199 MB  Healthy            
=========================================================
Disk: 0
Partition 2
Type  : 07
Hidden: No
Active: No
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     C   OS           NTFS   Partition    448 GB  Healthy            
=========================================================
Disk: 0
Partition 3
Type  : 07
Hidden: No
Active: No
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     F   RECOVERY     NTFS   Partition     16 GB  Healthy            
=========================================================
Disk: 0
Partition 4
Type  : 0C
Hidden: No
Active: No
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4     G   HP_TOOLS     FAT32  Partition    103 MB  Healthy            
=========================================================
Partitions of Disk 1:
===============
  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary            465 GB  1024 KB
==================================================================================
Disk: 1
Partition 1
Type  : 07
Hidden: No
Active: No
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 5     D   DATA         NTFS   Partition    465 GB  Healthy            
=========================================================
Partitions of Disk 2:
===============
  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary             15 GB    31 KB
==================================================================================
Disk: 2
Partition 1
Type  : 0C
Hidden: No
Active: Yes
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 6     I   STICK        FAT32  Removable     15 GB  Healthy            
=========================================================
Last Boot: 2013-01-13 23:52
==================== End Of Log =============================
          | 
|  18.01.2013, 19:52 | #12 | 
| /// TB-Ausbilder    |   Sorry, I had edited it. Please run this fix: Code: 
  HKU\Baumgärtner\...\Winlogon: [Shell] explorer.exe,C:\Users\Baumgärtner\AppData\Roaming\skype.dat [62976 2011-11-16] ()
C:\Users\Baumgärtner\AppData\Roaming\skype.dat
C:\Users\Baumgärtner\AppData\Roaming\skype.ini
         
				__________________  Digital privateers against malware!  No help via PM! | 
|  18.01.2013, 19:55 | #13 | 
|  |   Write the complete window into this file again?  | 
|  18.01.2013, 19:56 | #14 | 
| /// TB-Ausbilder    |   Exactly the same as before, yes.  
				__________________  Digital privateers against malware!  No help via PM! | 
|  18.01.2013, 20:03 | #15 | 
|  |   Code: 
  Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-01-2013
Ran by SYSTEM at 2013-01-18 19:57:42 Run:2
Running from I:\
==============================================
HKEY_USERS\Baumgärtner\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell Value deleted successfully.
C:\Users\Baumgärtner\AppData\Roaming\skype.dat moved successfully.
C:\Users\Baumgärtner\AppData\Roaming\skype.ini moved successfully.
==== End of Fixlog ====
          | 
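The fix and fixlog above deal with a Winlogon Shell value in a user hive that lists a second file after explorer.exe. As an added example (not part of the thread and not FRST's own code), this Python sketch scans FRST-style registry lines for that pattern; the function name, the allowlist of expected shell spellings and the two constructed sample lines are assumptions.

```python
import re

# FRST registry line shape taken from the thread:
#   HKU\<user>\...\Winlogon: [Shell] <value> [<size> <date>] (<company>)
SHELL_LINE = re.compile(
    r'(?P<hive>HKLM|HKU\\[^\\]+)\\\.\.\.\\Winlogon: \[Shell\] (?P<value>.*)$',
    re.IGNORECASE)
# Metadata FRST appends after the value, e.g. "[62976 2011-11-16] ()".
TRAILER = re.compile(r'\s*\[\d+ \d{4}-\d{2}-\d{2}\]\s*\([^)]*\)\s*$')
# Assumption: only these spellings count as the stock Windows shell.
EXPECTED_SHELL = {'explorer.exe', r'c:\windows\explorer.exe'}

# First and last lines are constructed; the middle one is quoted in the thread.
SAMPLE_LOG = r"""
HKLM\...\Winlogon: [Shell] explorer.exe [2616320 2011-02-25] (Microsoft Corporation)
HKU\Baumgärtner\...\Winlogon: [Shell] explorer.exe,C:\Users\Baumgärtner\AppData\Roaming\skype.dat [62976 2011-11-16] ()
HKLM\...\Run: [ExampleUpdater] C:\Program Files\Example\updater.exe [1024 2012-01-01] (Example Corp)
"""


def audit_shell_lines(log_text):
    """Return one finding per Winlogon Shell value that lists more than Explorer."""
    findings = []
    for line in log_text.splitlines():
        match = SHELL_LINE.search(line)
        if not match:
            continue
        value = TRAILER.sub('', match.group('value')).strip()
        # The Shell value can hold several comma-separated programs;
        # anything besides Explorer is the finding.
        entries = [e.strip().strip('"') for e in value.split(',') if e.strip()]
        extras = [e for e in entries if e.lower() not in EXPECTED_SHELL]
        if extras:
            findings.append({
                'hive': match.group('hive'),
                # True when the value sits in a user hive (HKU), as in the thread.
                'per_user': match.group('hive').upper().startswith('HKU'),
                'extras': extras,
            })
    return findings


if __name__ == '__main__':
    for finding in audit_shell_lines(SAMPLE_LOG):
        print(finding)
```

Each path in `extras` is a candidate for the kind of fixlist entry shown in post #12 and should be checked before it is moved or deleted.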